In today's computing environment, user authentication can often be adjusted based on the amount of perceived risks involved. For example, one or more factors can be added to an authentication process depending on how risky a login attempt may be. In some instances, a second authentication factor or another step is added to a one-step authentication process if, for example, a cookie of the computing device from which the user attempts to authenticate is missing, which prevents the authentication system from confirming prior use of the computing device. The additional authentication factor(s) can require the user to retrieve an identification code by text, call or email and enter the retrieved identification code at a designated authentication site. However, existing authentication systems and methods lack a comprehensive and holistic approach for evaluating authentication risks and adjusting authentication complexity.